npm package diff
Package: @forge/csp
Versions: 5.5.0-next.0 - 5.5.0-next.1
Modified: package/out/csp/csp-injection-service.js
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -128,14 +128,14 @@
exports.getAtlassianImageHost = getAtlassianImageHost;
exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
class CSPInjectionService {
constructor() {
- this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }) => {
+ this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
const frameAncestors = [
"'self'",
- ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain),
+ ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
...getFOSHostDownload(microsEnv, icOptions)
].join(' ');
const frameSrc = [
"'self'",
@@ -251,10 +251,11 @@
allowed.push(...getFOSHostDownload(microsEnv, icOptions));
allowed.push(...getFOSHostUpload(microsEnv, icOptions));
return allowed;
}
- getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain) {
+ getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
let frameAncestors = [];
+ const localhostWithPortRegex = /^localhost:\d+$/;
switch (microsEnv) {
case 'dev':
case 'stg':
frameAncestors = [
@@ -264,10 +265,10 @@
'https://integration.bb-inf.net',
'*.atl-paas.net',
'*.stg.atlassian.com'
];
- if (macroParentHostDomain) {
- frameAncestors.push(`${macroParentHostDomain}.cdn.stg.atlassian-dev.net`);
+ if (macroParentHost && !localhostWithPortRegex.test(macroParentHost)) {
+ frameAncestors.push(`${macroParentHost}.cdn.stg.atlassian-dev.net`);
}
break;
case 'fedramp-stg':
frameAncestors = ['*.atlassian-stg-fedm.net'];
@@ -289,10 +290,15 @@
'*.jira.com',
'*.atlassian.com',
'*.frontend.public.atl-paas.net'
];
- if (macroParentHostDomain) {
- frameAncestors.push(`${macroParentHostDomain}.cdn.prod.atlassian-dev.net`);
+ if (macroParentHost) {
+ if (localhostWithPortRegex.test(macroParentHost)) {
+ frameAncestors.push(macroParentHost);
+ }
+ else {
+ frameAncestors.push(`${macroParentHost}.cdn.prod.atlassian-dev.net`);
+ }
}
break;
}
if (hostname) {Modified: package/package.json
Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
{
"name": "@forge/csp",
- "version": "5.5.0-next.0",
+ "version": "5.5.0-next.1",
"description": "Contains the CSP configuration for Custom UI resources in Forge",
"main": "out/index.js",
"author": "Atlassian",
"license": "SEE LICENSE IN LICENSE.txt",
@@ -10,10 +10,10 @@
"compile": "tsc -b -v",
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
},
"devDependencies": {
- "@forge/cli-shared": "8.11.0-next.3",
- "@forge/manifest": "11.1.1-next.1",
+ "@forge/cli-shared": "8.11.0-next.4",
+ "@forge/manifest": "11.2.0-next.2",
"@types/jest": "^29.5.14",
"@types/node": "20.19.1",
"cheerio": "^1.1.0"
},Modified: package/out/csp/csp-injection-service.d.ts.map
Index: package/out/csp/csp-injection-service.d.ts.map
===================================================================
--- package/out/csp/csp-injection-service.d.ts.map
+++ package/out/csp/csp-injection-service.d.ts.map
@@ -1,1 +1,1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IA4DlB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
\ No newline at end of file
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
\ No newline at end of fileModified: package/CHANGELOG.md
Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,12 @@
# @forge/csp
+## 5.5.0-next.1
+
+### Patch Changes
+
+- ddc6274: Add localhost to frameAncestors in prod when passed in appContext
+
## 5.5.0-next.0
### Minor ChangesModified: package/out/csp/csp-injection-service.d.ts
Index: package/out/csp/csp-injection-service.d.ts
===================================================================
--- package/out/csp/csp-injection-service.d.ts
+++ package/out/csp/csp-injection-service.d.ts
@@ -17,16 +17,16 @@
private getMetalClientCSP;
private getExistingCSPDetails;
private getConnectSrc;
private getFrameAncestors;
- getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }: {
+ getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }: {
existingCSPDetails: CSPDetails;
microsEnv: LambdaEnvironment;
tunnelCSPReporterUri?: string | undefined;
hostname?: string | undefined;
isFedRAMP?: boolean | undefined;
icOptions?: IcOptions | undefined;
- macroParentHostDomain?: string | undefined;
+ macroParentHost?: string | undefined;
}) => string[];
}
export {};
//# sourceMappingURL=csp-injection-service.d.ts.map
\ No newline at end of file